Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1812 | My first report on HackerOne: A logic flaw in npm | Logic flaw | GitHub | ElSec (@ElSec_) | Bug Bounty | 2022-02-16 | 2023-06-13 |
| 1811 | How I earned $9000 with Privilege escalations | Privilege escalation | NA | Junaid Khan (@JunoonBro) | Bug Bounty | 2022-02-16 | 2023-06-13 |
| 1810 | CVE-2022-0478 - WooCommerce Event-Manager Plugin SQL Injection | SQL injection, Security code review | Automattic (WooCommerce) | Castilho (@castilho101) | Bug Bounty | 2022-02-16 | 2023-06-13 |
| 1809 | Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN) | RCE, Unrestricted file upload, OS command injection | Cisco | Quentin Kaiser (@QKaiser) | Bug Bounty | 2022-02-17 | 2023-06-13 |
| 1808 | 403 forbidden bypass & Accessing config files using a header | 403 bypass, Authorization flaw | NA | vishnurajr | Bug Bounty | 2022-02-17 | 2023-06-13 |
| 1807 | Recon and YouTube, is that a thing? | Subdomain takeover | NA | Marcos IAF / Rohit (@marcos_iaf) | Bug Bounty | 2022-02-17 | 2023-06-13 |
| 1806 | Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2) | Arbitrary file write, Race condition, Printer hacking | Lexmark | Cedric Halbronn (@saidelike) | Bug Bounty | 2022-02-18 | 2023-06-13 |
| 1805 | Stored XSS in message.alibaba.com ($2,000) | Stored XSS | Alibaba | R ando (@Rando02355205) | Bug Bounty | 2022-02-18 | 2023-06-13 |
| 1804 | RCE in GitHub Desktop < 2.9.4 | RCE | GitHub | Vladimir Metnew (@vladimir_metnew) | Bug Bounty | 2022-02-18 | 2023-06-13 |
| 1803 | How I get my first SWAG from SIDN (Sensitive Data Exposer) | Directory listing, Information disclosure, 403 bypass | SIDN | remonsec (@remonsec) | Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1802 | Passive Recon with Spyse (Part-II) | Subdomain takeover, AWS misconfiguration | NA | remonsec (@remonsec) | Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1801 | My Experience of Hacking Dutch Government | - | Dutch Government | remonsec (@remonsec) | Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1800 | CVE-2022-23835: A security analysis of Visual Voicemail | Voicemail hacking | AT&T, T-Mobile | Chris Talbot | Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1799 | Bypassing Cloudflare’s WAF! | XSS, WAF bypass | NA | Friendly (@SkeletorKeys) | Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1798 | Access Control Violation - Sensitive Data Exposure | Directory listing | NA | Nick Berrie (@machevalia) | Bug Bounty | 2022-02-19 | 2023-06-13 |
| 1796 | Send a Email to me and get kicked out of Google Groups !! — #GoogleVRP — A Feature that almost broke Google Groups !! | Logic flaw, Authorization flaw | Google | Sriram Kesavan (@sriramoffcl) | Bug Bounty | 2022-02-20 | 2023-06-13 |
| 1795 | XSS in hidden input field | XSS | NA | Faizan Elahi | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1794 | What an injection into jQuery-selector can lead to | CSRF | NA | Anton Subbotin (@ska_vans) | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1793 | Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql | SQL injection | Oracle (MySQL) | stypr (@stereotype32) | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1792 | How I could’ve bypassed the 2FA security of Instagram once again? | MFA bypass, Logic flaw | Meta / Facebook | Samip Aryal (@samiparyal_) | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1791 | OAuth and PostMessage - Chaining misconfigurations for your access token. | OAuth, postMessage, Token leak | NA | Suraj Disoja (@ninetyn1ne_) | Bug Bounty | 2022-02-21 | 2023-06-13 |
| 1789 | Write Up – Android Application Screen Lock Bypass Via ADB Brute Forcing | Android, Bruteforce, Authentication bypass | NA | Omar Espino (@omespino) | Bug Bounty | 2022-02-22 | 2023-06-13 |
| 1788 | CVE-2021-45467: CWP CentOS Web Panel – preauth RCE | RCE, LFI, Arbitrary file write | Centos Web Panel (CWP) | Paulos Yibelo (@PaulosYibelo) | Bug Bounty | 2022-01-22 | 2023-06-13 |
| 1787 | Stealing a few more GitHub Actions secrets | Logic flaw | GitHub | Teddy Katz (@not_aardvark) | Bug Bounty | 2022-02-23 | 2023-06-13 |
| 1786 | How I Hacked the Dutch Government with SQLi and Won the Famous T-Shirt? | SQL injection | Dutch Government | Göktuğ Kaya (@g0ktugkaya) | Bug Bounty | 2022-02-24 | 2023-06-13 |